Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

SSL Error while connecting to ambari server after hardware change

Labels:
avatar
author-rank sedatkestepe
Expert Contributor

Created ‎12-27-2018 02:06 PM

Hello,

We had a problem with one of our node's mainboard and it was changed.

As we re-opened the node ambari agent could not connect to ambari server with below error:

INFO 2018-12-27 16:59:24,790 NetUtil.py:70 - Connecting to https://master01:8440/ca
ERROR 2018-12-27 16:59:24,797 NetUtil.py:96 - EOF occurred in violation of protocol (_ssl.c:618)
ERROR 2018-12-27 16:59:24,797 NetUtil.py:97 - SSLError: Failed to connect. Please check openssl library versions.
Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 for more details.
WARNING 2018-12-27 16:59:24,797 NetUtil.py:124 - Server at https://master01:8440 is not reachable, sleeping for 10 seconds...

My humble guess is that old keys were not accepted by ambari server with new hardware. Guys who installed the mainboard says they updated the seriel with the old one.

How can I get back this node? Is there any way to renew keys?

PS: There are no files in path /var/lib/ambari-agent/keys/

Thanks in advance.

4,605 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank Scharan author-rank
Master Collaborator

Created ‎12-27-2018 05:52 PM

@Sedat Kestepe To resolve this issue, add the following property in ambari-agent.ini (/etc/ambari-agent/conf/ambari-agent.ini) file under [security]and restart ambari-agent:

========

[security]

force_https_protocol=PROTOCOL_TLSv1_2

===========

Please accept this answer if its helpful

View solution in original post

4,352 Views
5 REPLIES 5

avatar
author-rank Scharan author-rank
Master Collaborator

Created ‎12-27-2018 05:52 PM

@Sedat Kestepe To resolve this issue, add the following property in ambari-agent.ini (/etc/ambari-agent/conf/ambari-agent.ini) file under [security]and restart ambari-agent:

========

[security]

force_https_protocol=PROTOCOL_TLSv1_2

===========

Please accept this answer if its helpful

4,353 Views

avatar
author-rank sedatkestepe
Expert Contributor

Created ‎12-28-2018 11:16 AM

Hello @scharan ,

Thanks for your reply.

I have a feeling that renewal of agent keys (maybe both on agent and server) would be the proper way. Do you aggree?


Regardless of that, of course I accept this answer! Agent can connect now and works fine! Thanks a lot @scharan!

Best regards. Have a nice day and new year!

4,352 Views
0 Kudos

avatar
author-rank Scharan author-rank
Master Collaborator

Created ‎12-28-2018 11:57 AM

@Sedat Kestepe

this issue occurs when Java is restricting the TLSv1 used by the Ambari Agents. By default, ambari-agent connects to TLSv1, unless specified by force_https_protocol=PROTOCOL_TLSv1_2 in ambari-agent.ini.

4,352 Views
0 Kudos

avatar
author-rank sedatkestepe
Expert Contributor

Created ‎12-28-2018 12:09 PM

This issue occurred after mainboard change. Do you think it is related with this change? Or nothing to do with it?

4,352 Views
0 Kudos

avatar
author-rank Scharan author-rank
Master Collaborator

Created ‎12-28-2018 12:59 PM

@Sedat Kestepe

no it is not related to mainboard changed

4,352 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements